Information Security News
mailing list archives
Meet the world's baddest cyber cops
From: InfoSec News <isn () c4i org>
Date: Thu, 27 Sep 2001 04:14:52 -0500 (CDT)
[One has to wonder if Mr. Neal & his team still have jobs in light of
recent events with Exodus filing for Chapter 11 on Wednesday? - WK]
By John Galvin, Special to ZDNet
26 September 2001
They're not the feds, but they're taking down hackers, organised
criminals, script kiddies, and other threats to your company. A report
from the front lines.
For Charles Neal, a 20-year veteran of the FBI, Mafiaboy was the
watershed case for cybercrime. On Monday, February 7, 2000, a
15-year-old from suburban Montreal with the online moniker Mafiaboy
launched a weeklong Internet attack on Yahoo, CNN.com, Amazon.com,
eBay, Dell, Buy.com, and several others, causing losses estimated in
The hacker hit the companies with what is now commonly known as a
distributed denial-of-service attack, which flooded the victims'
Internet servers with messages until they collapsed. The teen later
told investigators in a taped interview that when he saw the chaos his
attack caused he almost wet his pants.
Mafiaboy was not a sophisticated hacker. He begged the software now
widely available on several Internet hacker sites from other hackers
and then used it to break into and gain root access to more than 50
servers, most of them located at American universities. He then used
those servers to launch his assault.
That morning, calls began coming into Neal's office at the FBI's Los
Angeles computer intrusion squad, a group he formed in 1995 that had
investigated computer-crime cases including those of Kevin Mitnick and
the Solar Sunrise attacks against the Pentagon. Neal sent an agent to
the data centre of Exodus Communications, one of the world's largest
IP networks, whose corporate customers include many of Mafiaboy's
victims. Neal wanted to see what Exodus's server logs would reveal
about the attacks.
The agent showed up at Exodus but was turned away and told not to come
back without a subpoena. The high-tech industry has developed an
almost institutional fear of bad publicity, reasoning that covering up
attacks is better than letting FBI agents poke around their systems
and launch a very public investigation.
When Neal found out, he was apoplectic. "These were their clients!" he
says. He finally reached Exodus's chief security officer, Bill
Hancock, who had started work that day. "I said, 'Bill Hancock! This
is Charles Neal of the FBI and you have some very rude people working
for you!' " Hancock, who had met Neal at security conferences, told
him, "That's all going to change today."
Neal's team soon began poring over Exodus's logs, ultimately tracing
the attacks to Mafiaboy's home computer. Jill Knesek, the case agent,
then flew to Montreal where the Royal Canadian Mounted Police were
placing a phone tap on Mafiaboy's house. "There were two kids in the
house," remembers Knesek. "And we had to figure out which was actually
doing the attacks."
What made Mafiaboy so important? It proved to Neal that anybody, even
someone with very limited talent, could launch a massive cyberattack.
And while Mafiaboy primarily targeted dot-coms, almost every company,
and maybe your home, is now online and networked to some extent. The
case exposed two trends in cybercrime: The weapons are becoming
increasingly easy to use, and the pool of potential victims is
Neal also concluded that maybe the FBI wasn't the best way to combat
cybercrime. Had Mafiaboy been smart enough to route his attacks
through an offshore country, as most experienced hackers do, Neal's
investigation would have been over. "Once it goes overseas it's dead,"
says Neal. "The FBI can't, by law, investigate any further. If we even
want to call a police department overseas we have to call our State
Department, which calls the people over there, and on down. It can
take months! And we don't have that much time in these cases."
That March, then FBI director Louis Freeh flew to Los Angeles to award
Neal his 20-year pin. Two months later, Neal, with seven years left
until mandatory retirement, resigned from the bureau. He wanted to
form a new computer-crime squad, one with a global reach that was part
of the private sector, staffed with law-enforcement veterans and
technologists. The idea was to respond to cyberattacks, but also to
pursue hackers organised criminals, script kiddies (amateurs like
Mafiaboy), competing companies, or even foreign countrieslike it would
any legal case. Neal envisioned changing the way companies approach
cybercrime, encouraging them to seek prosecution instead of living in
terminal fear of bad publicity.
He landed at Exodus Communications.
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.
- Meet the world's baddest cyber cops InfoSec News (Sep 27)